util/tests: enable locking on iptables/ebtables commandlines in unit tests

All the unit tests that use iptables/ip6tables/ebtables have been
written to omit the locking/exclusive use primitive on the generated
commandlines. Even though none of the tests actually execute those
commands (and so it doesn't matter for purposes of the test whether or
not the commands support these options), it still made sense when some
systems had these locking options and some didn't.

We are now at a point where every supported Linux distro has supported
the locking options on these commands for quite a long time, and we are
going to make their use non-optional. As a first step, this patch uses
the virFirewallSetLockOverride() function, which is called at the
beginning of all firewall-related tests, to set all the bools
controlling whether or not the locking options are used to true. This
means that all the test cases must be updated to include the proper
locking option in their commandlines.

The change to make actual execs of the commands unconditionally use
the locking option will be in an upcoming patch - this one affects
only the unit tests.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Laine Stump
2020-11-16 19:20:53 -05:00
parent 28a3dedddd
commit e66451f685
51 changed files with 1115 additions and 358 deletions


@@ -149,15 +149,17 @@ VIR_MOCK_WRAP_RET_ARGS(g_dbus_connection_call_sync,
*error = g_dbus_error_new_for_dbus_error("org.firewalld.error",
"something bad happened");
} else {
if (nargs == 1 &&
if (nargs == 2 &&
STREQ(type, "ipv4") &&
STREQ(args[0], "-L")) {
STREQ(args[0], "-w") &&
STREQ(args[1], "-L")) {
reply = g_variant_new("(s)", TEST_FILTER_TABLE_LIST);
} else if (nargs == 3 &&
} else if (nargs == 4 &&
STREQ(type, "ipv4") &&
STREQ(args[0], "-t") &&
STREQ(args[1], "nat") &&
STREQ(args[2], "-L")) {
STREQ(args[0], "-w") &&
STREQ(args[1], "-t") &&
STREQ(args[2], "nat") &&
STREQ(args[3], "-L")) {
reply = g_variant_new("(s)", TEST_NAT_TABLE_LIST);
} else {
reply = g_variant_new("(s)", "success");
@@ -184,8 +186,8 @@ testFirewallSingleGroup(const void *opaque)
int ret = -1;
const char *actual = NULL;
const char *expected =
IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -236,8 +238,8 @@ testFirewallRemoveRule(const void *opaque)
int ret = -1;
const char *actual = NULL;
const char *expected =
IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque;
virFirewallRulePtr fwrule;
@@ -295,10 +297,10 @@ testFirewallManyGroups(const void *opaque G_GNUC_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"
IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -A OUTPUT --jump DROP\n";
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"
IPTABLES_PATH " -w -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A OUTPUT --jump DROP\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -382,10 +384,10 @@ testFirewallIgnoreFailGroup(const void *opaque G_GNUC_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -A OUTPUT --jump DROP\n";
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -w -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A OUTPUT --jump DROP\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -450,10 +452,10 @@ testFirewallIgnoreFailRule(const void *opaque G_GNUC_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -A OUTPUT --jump DROP\n";
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -w -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A OUTPUT --jump DROP\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -517,8 +519,8 @@ testFirewallNoRollback(const void *opaque G_GNUC_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n";
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -577,11 +579,11 @@ testFirewallSingleRollback(const void *opaque G_GNUC_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -D INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -657,10 +659,10 @@ testFirewallManyRollback(const void *opaque G_GNUC_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -740,14 +742,14 @@ testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -A INPUT --source-host 192.168.122.127 --jump REJECT\n"
IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"
IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -D INPUT --source-host 192.168.122.127 --jump REJECT\n"
IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"
IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.127 --jump REJECT\n"
IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.127 --jump REJECT\n"
IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"
IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -882,12 +884,14 @@ testFirewallQueryHook(const char *const*args,
void *opaque G_GNUC_UNUSED)
{
if (STREQ(args[0], IPTABLES_PATH) &&
STREQ(args[1], "-L")) {
STREQ(args[1], "-w") &&
STREQ(args[2], "-L")) {
*output = g_strdup(TEST_FILTER_TABLE_LIST);
} else if (STREQ(args[0], IPTABLES_PATH) &&
STREQ(args[1], "-t") &&
STREQ(args[2], "nat") &&
STREQ(args[3], "-L")) {
STREQ(args[1], "-w") &&
STREQ(args[2], "-t") &&
STREQ(args[3], "nat") &&
STREQ(args[4], "-L")) {
*output = g_strdup(TEST_NAT_TABLE_LIST);
}
}
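Review bot: In testFirewallQueryHook the comparison chain now indexes as far as `args[4]` with no length check, relying only on `&&` short-circuiting; the D-Bus mock in the first hunk guards the same match with `nargs == 2` / `nargs == 4`, but the hook has no count to test. If `args` is the usual NULL-terminated argv (not visible here), a command that ends right after `-w` would hand NULL to STREQ, so the later comparisons would be safer as `STREQ_NULLABLE(args[2], "-L")` and likewise for `args[3]` and `args[4]`. Because `-w` now sits at `args[1]` of every generated iptables command, the positional match also deserves a comment such as `/* args[1] is always the lock option "-w", forced on by virFirewallSetLockOverride() */`. The function's signature begins above the hunk.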
@@ -930,15 +934,15 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -A INPUT --source-host 192.168.122.127 --jump REJECT\n"
IPTABLES_PATH " -L\n"
IPTABLES_PATH " -t nat -L\n"
IPTABLES_PATH " -A INPUT --source-host 192.168.122.130 --jump REJECT\n"
IPTABLES_PATH " -A INPUT --source-host '!192.168.122.129' --jump REJECT\n"
IPTABLES_PATH " -A INPUT --source-host '!192.168.122.129' --jump REJECT\n"
IPTABLES_PATH " -A INPUT --source-host 192.168.122.128 --jump REJECT\n"
IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.127 --jump REJECT\n"
IPTABLES_PATH " -w -L\n"
IPTABLES_PATH " -w -t nat -L\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.130 --jump REJECT\n"
IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.129' --jump REJECT\n"
IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.129' --jump REJECT\n"
IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.128 --jump REJECT\n"
IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n";
const struct testFirewallData *data = opaque;
expectedLineNum = 0;